I'll ++1 to what Dark_Knight said. Be sure that you know all of the course material comfortably before you attempt the examination. The best way to gear for this is practice, practice, practice! I recommend doing the Extra Mile Exercises also to make yourself more familiar.

Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.

Last edited by esojzuir on Tue Mar 12, 2013 7:18 pm, edited 1 time in total.

esojzuir wrote:Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.

Sounds like you're ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

esojzuir wrote:Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.

Sounds like you're ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

Hey! I checked your website and you have awesome material! One question regarding your pivoting series. if I want to recreate your setup do I have to use a GNS3 setup or can I use, say a 2003 server with RRAS configured to act as a router? I think this tutorials are great to avoid using metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!

Last edited by esojzuir on Wed Mar 13, 2013 9:13 am, edited 1 time in total.

esojzuir wrote:Well regarding the material, I was able to get the windows sample on the module plus aditional excercises from Vivek (mini share, FreeSSH, Easy Chat - SEH Based) plus Stephen Bradshaw material on info sec institute. Right now I can do this type of overflows in a really consistent manner plus a few others taken from the exploit DB that are not in the form of tutorials but I was able to adapt them to fit both Vivek and Stephen methodologies.

Sounds like you're ready. If you want more practice, search for buffer overflows at Exploit-DB. In some cases, the vulnerable software is included so you can download it and recreate the exploit.

Hey! I checked your website and you have awesome material! One question regarding your pivoting series. if I want to recreate your setup do I have to use a GNS3 setup or can I use, say a 2003 server with RRAS configured to act as a router? I think this tutorials are great to avoid using metasploit for pivoting on the exam, in case you need to pivot, and maybe save the opportunity to use it for a harder machine! Thanks again for your amazing website!

You can use whatever setup you want really. The main thing is your pivot point (in my case the web server) has access to both networks and your attacking machine only has access to the web server. Glad you found the articles useful.